Hackers linked to the Russian military were most likely behind ransomware attacks last month against Ukrainian and Polish transportation and logistics organizations, Microsoft said Thursday.
The revelation will raise concerns in Washington and European capitals that allies backing Ukraine against invading Russia could face greater cyber threats from Moscow.
Poland is a member of NATO and a key channel for providing military aid to Ukraine.
The hacks “caused damage” to transportation and logistics companies in Poland and Ukraine, a Microsoft spokesperson told CNN. The extent of the damage was unclear. CNN asked Microsoft for more details.
Microsoft attributed the hacks to a group the Justice Ministry says works on behalf of Russia’s GRU military intelligence agency and caused power outages in parts of Ukraine in 2015 and 2016.
One of Ukraine’s main cybersecurity agencies, the Special State Communications Service, declined to comment.
This is a rare public example of an alleged war-related Russian hack causing damage in a NATO member country.
During the Russian invasion in February, another alleged Russian hack erased the data of two Ukrainian government contractors operating in Latvia and Lithuania, but this was widely seen by analysts as collateral rather than deliberate damage.
NATO Secretary General Jens Stoltenberg said a cyberattack could trigger NATO’s collective defense clause, requiring all members to defend against an attack on another member. But that never happened, and it’s unclear what NATO’s response threshold is in cyberspace.
A NATO spokesperson did not immediately respond to a request for comment.
The GRU-related ransomware attacks signal “an increased risk for organizations directly providing or transporting humanitarian or military assistance to Ukraine,” said Microsoft researchers, who have worked directly with the Ukrainian government to respond to the hacks. in a press release.
The Russian Embassy in Washington, DC, did not respond to a request for comment on Microsoft’s statement. Moscow regularly denies carrying out cyberattacks.
Russian hacking groups have carried out a series of cyberattacks during the war against Ukrainian government and corporate networks in activities that sometimes overlap with Russian military strikes. But the kind of high-impact hacking that knocks out power or other critical networks is largely missing.
The Russian hack played a peripheral rather than central role in the Kremlin’s efforts to take down Ukrainian critical infrastructure, U.S. and Ukrainian officials previously told CNN.